Tweet
Hi Folks,
I could use some ideas and opinions here.
Our website recently moved to subscription only. Editorial content (weekly magazine and the daily news service) is login-protected.
The procedure for user authentication uses cookies.
At the top of every page I have the following:
login.inc.php looks like this (cut for brevity):
Now this works just fine for me on IE5.5, Netscape 4.76, Opera 5.02 and I even tested it on Lynx.
But, there are SOME users who claim that, even though they have checked the option to store their info in a cookie (auto-login), they are asked to log in every so often.
I don't know how to address this, and I don't know what I am doing wrong.
The actual setcookie when they log in is:
Whereby $expire is either 0 (if they don't want auto-login) or their subscription's expiration date (normally a year from now).
Since many here have extensive experience with using cookies to authenticate a user, I could use your ideas on what would be the reason some people are experiencing problems?
Thank you,
Bira
I could use some ideas and opinions here.
Our website recently moved to subscription only. Editorial content (weekly magazine and the daily news service) is login-protected.
The procedure for user authentication uses cookies.
At the top of every page I have the following:
PHP Code:
/* no cache headers to make sure the page isn't stored on a proxy */
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . "GMT");
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
/* the login-checker include */
require("$DOCUMENT_ROOT/subs/login.inc.php");
login.inc.php looks like this (cut for brevity):
PHP Code:
if ($HTTP_COOKIE_VARS[webuserid]=="") {
// redirect to a login form
} else {
/* check the user's details in the database and assuming evertyhing is alright,
then do nothing (in other words the rest of the page is displayed) */
}
But, there are SOME users who claim that, even though they have checked the option to store their info in a cookie (auto-login), they are asked to log in every so often.
I don't know how to address this, and I don't know what I am doing wrong.
The actual setcookie when they log in is:
PHP Code:
setcookie(webuserid,$myquery[userid],$expire,"/",".atlasf1.com");
setcookie(webpassword,md5($myquery[password]),$expire,"/",".atlasf1.com");
Since many here have extensive experience with using cookies to authenticate a user, I could use your ideas on what would be the reason some people are experiencing problems?
Thank you,
Bira
Comment